General
Target: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501
Size: 3.5MB
Sample: 211221-kc1kcsdeam
MD5: fbbf910540a9e199d4a31e3cded5a699
SHA1: aed34a9c9de5a5ec574aa0608c0c4941799f35ca
SHA256: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501
SHA512: ccb94643708fde248065fae36b2520b72d43fdb7e61c26fb32014a02c9359edabe212da5d5acc0ee7809c50cdc6725802902fe1553c6da66ac3258a2ce13d2ea
Static task: static1
Behavioral task: behavioral1
Sample: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501.exe
Resource: win10-en-20211208
Malware Config
Extracted
Ransom note: C:\rn9D_HOW_TO_DECRYPT.txt
Family: hive
URLs:
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
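The two portals above are v3 onion addresses, which carry their own checksum. As an added example (not code from the sandbox, from this page, or from the Hive operators), the following Python pulls .onion hosts out of ransom-note text and verifies that embedded checksum, so a mistyped or truncated IOC is caught before it goes into a blocklist. The note body is constructed; only the two hostnames are the ones this report extracted. The 32-byte key used for the encode/decode round trip is an arbitrary constant.

```python
"""
Added example (not code from the sandbox vendor, this page or the Hive operators):
extract v3 .onion hosts from ransom-note text and verify each address's checksum.
"""
import base64
import hashlib
import re

ONION_V3_HOST = re.compile(r"\b([a-z2-7]{56})\.onion\b", re.I)

# Constructed note body; the two hosts are the ones in the report's extracted config.
NOTE_TEXT = (
    "constructed note text, line 1\n"
    "portal: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/\n"
    "leaks:  http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/\n"
)


def extract_onion_hosts(text):
    """Return every v3 .onion hostname in text, lowercased, in order, deduplicated."""
    seen, out = set(), []
    for m in ONION_V3_HOST.finditer(text):
        host = m.group(0).lower()
        if host not in seen:
            seen.add(host)
            out.append(host)
    return out


def parse_onion_v3(host):
    """Decode a v3 onion host into (ed25519 pubkey, checksum_ok, version).

    Layout per the Tor v3 rendezvous spec: base32(PUBKEY[32] | CHECKSUM[2] | VERSION[1]),
    CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2], VERSION = 0x03.
    """
    label = host.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        raise ValueError(f"not a v3 onion label: {host!r}")
    raw = base64.b32decode(label.upper())  # 56 chars -> 35 bytes, no padding needed
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return pubkey, checksum == expected, version[0]


def encode_onion_v3(pubkey):
    """Inverse of parse_onion_v3: build a v3 address from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode("ascii").lower() + ".onion"


if __name__ == "__main__":
    for host in extract_onion_hosts(NOTE_TEXT):
        _, ok, ver = parse_onion_v3(host)
        print(f"{host}: version={ver} checksum_ok={ok}")
```

The checksum is two bytes, so it catches transcription errors rather than adversarial substitution; a passing check says only that the string is a well-formed v3 address, not that the service is reachable or that it belongs to Hive.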
Targets
Target: b1bfc90de9dcea999dedf285c3d3d7e1901847d84ec297224a0d82720d0ed501
Signatures
Modifies security service
Clears Windows event logs
Modifies boot configuration data using bcdedit
Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
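The four signatures above are the behaviours the sandbox scored. As an added example (not the sandbox's own detection logic, and not the sample's actual command lines, which this report does not quote), the following Python shows how a detection engineer might express the same four behaviours over Sysmon-style process, file-rename and file-create events, including the burst condition that separates bulk encryption from a single rename. The command-line patterns, the set of security-service names, the rename window and threshold, the `.enc` suffix and every event record are assumptions I constructed; only the ransom-note path comes from the report.

```python
"""
Added example (not code from the sandbox vendor or this page): a toy detector for the
four behaviours this report flags, run over constructed Sysmon-style events.
Assumptions, mine rather than the report's: the command-line patterns, the list of
security-service names, the rename-burst tuning and the event field names.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: float          # seconds since the start of the constructed log
    kind: str          # "process", "rename" or "create"
    pid: int
    cmdline: str = ""  # process events
    src: str = ""      # rename events: old path
    dst: str = ""      # rename events: new path; create events: created path


# Assumed shapes of the three process-based behaviours.
BCDEDIT_TAMPER = re.compile(
    r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)
EVENTLOG_CLEAR = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I)
SERVICE_CONTROL = re.compile(
    r'\b(?:sc(?:\.exe)?\s+(?:stop|delete|config)|net(?:\.exe)?\s+stop)\s+"?([\w.-]+)"?', re.I)
SECURITY_SERVICES = {"windefend", "wdnissvc", "sense", "mssecflt", "wscsvc"}  # assumed list
RANSOM_NOTE = re.compile(r"_HOW_TO_DECRYPT\.txt$", re.I)  # generalised from the extracted path
RENAME_WINDOW_S, RENAME_THRESHOLD = 10.0, 5               # assumed tuning


def _ext(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_process(ev):
    """Rules for the three process-based signatures; returns (rule, detail) pairs."""
    hits = []
    if BCDEDIT_TAMPER.search(ev.cmdline):
        hits.append(("modifies_boot_config_bcdedit", ev.cmdline))
    if EVENTLOG_CLEAR.search(ev.cmdline):
        hits.append(("clears_event_logs", ev.cmdline))
    m = SERVICE_CONTROL.search(ev.cmdline)
    if m and m.group(1).lower() in SECURITY_SERVICES:
        hits.append(("modifies_security_service", ev.cmdline))
    return hits


def check_renames(events):
    """Flag a pid that changes the extension of >= RENAME_THRESHOLD files inside RENAME_WINDOW_S."""
    per_pid = defaultdict(list)
    for ev in events:
        if ev.kind == "rename" and _ext(ev.src) != _ext(ev.dst):
            per_pid[ev.pid].append(ev.ts)
    hits = []
    for pid, stamps in per_pid.items():
        stamps.sort()
        lo = 0
        for hi in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[hi] - stamps[lo] > RENAME_WINDOW_S:
                lo += 1
            if hi - lo + 1 >= RENAME_THRESHOLD:
                hits.append(("modifies_user_file_extensions",
                             f"pid {pid}: {hi - lo + 1} extension changes within {RENAME_WINDOW_S}s"))
                break
    return hits


def detect(events):
    """Run every rule over the event list and return all (rule, detail) hits."""
    hits = []
    for ev in events:
        if ev.kind == "process":
            hits.extend(check_process(ev))
        elif ev.kind == "create" and RANSOM_NOTE.search(ev.dst):
            hits.append(("drops_ransom_note", ev.dst))
    hits.extend(check_renames(events))
    return hits


# Constructed event log: nothing here is captured output from the sample. The note
# path is the one the report extracted; the ".enc" suffix is arbitrary.
SAMPLE_EVENTS = [
    Event(0.0, "process", 100, cmdline="cmd.exe /c bcdedit /set {default} recoveryenabled no"),
    Event(0.5, "process", 100, cmdline="cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    Event(1.0, "process", 101, cmdline="sc.exe config WinDefend start= disabled"),
    Event(1.5, "process", 102, cmdline="net stop Spooler"),  # not a security service: no hit
    Event(2.0, "process", 103, cmdline="wevtutil.exe cl Security"),
    Event(3.0, "create", 100, dst=r"C:\rn9D_HOW_TO_DECRYPT.txt"),
] + [
    Event(3.1 + i / 10, "rename", 100,
          src=rf"C:\Users\u\Documents\doc{i}.docx", dst=rf"C:\Users\u\Documents\doc{i}.docx.enc")
    for i in range(5)
] + [
    Event(20.0, "rename", 200, src=r"C:\tmp\x.tmp", dst=r"C:\tmp\x.txt"),  # one rename: below threshold
]


def rule_names(events=SAMPLE_EVENTS):
    return sorted({name for name, _ in detect(events)})


if __name__ == "__main__":
    for name, detail in detect(SAMPLE_EVENTS):
        print(f"{name}: {detail}")
```

The rename rule keys on a change of extension per process inside a short window rather than on any single rename, which is what keeps an editor saving `x.tmp` as `x.txt` out of the alert queue; the service rule deliberately ignores `net stop` of services outside the security set so that routine administration does not fire it.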